Apple earlier today published a detailed report outlining in blatant terms the negative impact that sideloading would have on the iPhone and iPad, specifically calling out the impacts it would have on user privacy and security. Now, the company is continuing its PR push, with an executive suggesting in an interview that users who wish to sideload apps should move to Android.
Speaking to Fast Company, Apple’s head of user privacy, Erik Neuenschwander, said that opening the doors to sideloading apps on iPhone and iPad, which would enable users to download apps from the web and other app marketplaces besides Apple’s App Store, could lead the user to be “tricked or duped” into “some dark alley.”
The executive, who made an appearance at the company’s developer conference last year, ultimately said that iOS is not the platform for users who wish to sideload apps, suggesting that those users should move to Android.
“Sideloading in this case is actually eliminating choice,” he says. “Users who want that direct access to applications without any kind of review have sideloading today on other platforms. The iOS platform is the one where users understand that they can’t be tricked or duped into some dark alley or side road where they’re going to end up with a sideloaded app, even if they didn’t intend to.”
Currently, apps must go through Apple’s rigorous App Store review process, but if sideloading was allowed, apps would be able to bypass the review process. Neuenschwander also said that sideloading apps would leave the user vulnerable to viruses, malware, and more.
“Today, we have our technical defenses, we have our policy defenses, and then we still have the user’s own smarts,” Neuenschwander says, referring to Apple’s App Store processes. Sideloading would negate those defenses, he contends.
“Even users who intend—they’ve consciously thought themselves that they are only going to download apps from the App Store—well, the attackers know this, so they’re going to try to convince that user that they’re downloading an app from the App Store even when that’s not happening,” Neuenschwander says. “Really, you have to think very creatively, very expansively as an attacker would trying to go after so many users with such rich data on their device. And so users will be attacked regardless of whether or not they intend to navigate app stores other than Apple’s.”
Unlike the tightly controlled nature of the iPhone and iPad, users are able to download and run apps from places other than the App Store on macOS. Neuenschwander attempted to draw a clear distinction between iOS and macOS, pointing out that the iPhone is a device that users have all the time, carrying personal information such as their location. He noted that the data on iPhone is “more enticing” to a potential attacker compared to information on the Mac.
“It’s the device you carry around with you,” Neuenschwander notes. “So it knows your location. And therefore somebody who could attack that would get pattern-of-life details about you. It has a microphone, and therefore that’s a microphone that could be around you much more than your Mac’s microphone is likely to be. So the kind of sensitive data [on the iPhone] is more enticing to an attacker.”
Neuenschwander went on to explain the difference in usage between the iPhone and Mac. According to Neuenschwander, users on Mac tend to only download a few applications needed for their job and not explore other applications. On the contrary, iPhone users are downloading apps continuously, making sideloading more dangerous, according to the executive.
But that’s not all. “The pattern of use of the Mac—just the style, how people use that platform—tends to be that they get a few applications that they use to do their job or their hobby, and then it kind of reaches a steady state,” Neuenschwander explains. “But what we’ve all seen is that mobile platforms, including iPhone, are ones where users are downloading apps on a continuing basis. And that gives an attacker more opportunities to get in and get at that user. So the threat on the iOS side is much higher than the threat on the Mac side.”
Craig Federighi, Apple’s software chief overseeing the development of iOS and macOS, said during his testimony for the Epic Games trail that the level of malware on the Mac is at an unacceptable level, possibly warning that similar levels of malware could make its way to the iPhone if sideloading was enabled.